understanding how conntrack works
alan.ezust at presinet.com
Mon Oct 23 20:19:12 CEST 2006
Greetings all, I'm exploring the kernel source trying to understand better how
the conntrack facility works. I had a couple of questions which I hope
someone more familiar with the code can answer...
Q: Where in the code does a table entry get added to the conntrack table?
nf_conntrack_put doesn't seem to contain much code related to that.
Q: Where in the code are the conntrack data lines being written, and using what
mechanism? (kprintf? procfs?)
I did some ctags jumping and keep coming to the nf_conntrack_put function,
which I expected to contain the code. Instead it only contains a
    static inline void
    ip_conntrack_put(struct ip_conntrack *ct)
    {
            IP_NF_ASSERT(ct);
            nf_conntrack_put(&ct->ct_general);
    }

    static inline void nf_conntrack_put(struct nf_conntrack *nfct)
    {
            if (nfct && atomic_dec_and_test(&nfct->use))
                    nfct->destroy(nfct);
    }
The "destroy" call is an indirect function call, which appears to be a call
(most of the time) to nf_conntrack_core.c:541
static void destroy_conntrack(struct nf_conntrack *nfct)
I hope the table updating and kprintf lines are not embedded within the
Q: What is "master"?
It seems that conntrack data has a concept called "master". When a connection
is "destroyed", a call to the "master" destroy is also made. What is the
relationship between the nf_conntrack and the master of an nf_conntrack
(appears to be a tree or a linked list). It seems to be an ownership
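A userspace model of the reference counting and the master relationship asked about above, added here as an illustration and not taken from the kernel (the names nfct_model, ct_model, ct_new, nfct_put and run_master_demo are assumptions): only the holder of the last reference reaches the indirect destroy callback, and the destroy path releases the reference an entry holds on its master.

```c
#include <stdatomic.h>
#include <stdlib.h>
#include <string.h>
/* Header modelled on struct nf_conntrack: use count + indirect destroy
 * callback. Every name in this model is an assumption, not kernel code. */
struct nfct_model {
    atomic_int use;
    void (*destroy)(struct nfct_model *nfct);
};
/* Entry embeds the header first; a related connection keeps one reference on its master. */
struct ct_model {
    struct nfct_model ct_general;
    const char *name;
    struct ct_model *master;
};
static char destroy_log[64];   /* names, in destruction order */
/* Mirrors nf_conntrack_put(): only the last reference holder reaches destroy. */
static void nfct_put(struct nfct_model *nfct)
{
    if (nfct && atomic_fetch_sub(&nfct->use, 1) == 1)
        nfct->destroy(nfct);
}
/* Plays the role of destroy_conntrack(): record the unhash, then drop the
 * reference held on the master, which may destroy the master in turn. */
static void destroy_ct(struct nfct_model *nfct)
{
    struct ct_model *ct = (struct ct_model *)nfct;   /* header is first member */
    if (destroy_log[0]) strcat(destroy_log, ",");
    strcat(destroy_log, ct->name);
    if (ct->master) nfct_put(&ct->master->ct_general);
    free(ct);
}
static struct ct_model *ct_new(const char *name, struct ct_model *master)
{
    struct ct_model *ct = calloc(1, sizeof *ct);
    atomic_init(&ct->ct_general.use, 1);          /* creator's reference */
    ct->ct_general.destroy = destroy_ct;
    ct->name = name;
    if (master) atomic_fetch_add(&master->ct_general.use, 1);
    ct->master = master;
    return ct;
}
/* Creator releases the master first; it survives until the related entry lets go. */
const char *run_master_demo(void)
{
    struct ct_model *control = ct_new("control", NULL);
    struct ct_model *data = ct_new("data", control);
    destroy_log[0] = '\0';
    nfct_put(&control->ct_general);   /* use 2 -> 1: still referenced by data */
    nfct_put(&data->ct_general);      /* use 1 -> 0: data goes, then control */
    return destroy_log;               /* "data,control" */
}
```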